Rust SGX SDK v1.0.0
Rust SGX SDK v1.0.0 Release Notes
Baidu X-Lab provides Rust SGX SDK that is a bundle of basic libraries, scripts and ported libraries for developing Intel SGX programs in Rust programming language. Based on this SDK, developers could easily build up their SGX programs in Rust. Rust SGX SDK provides the strongest defence and helps protect the secret data reside in an enclave effectively even when the OS is compromised. It is important to real world data privacy and cloud security. Since the first day of open source, we have recevied many recommendations and supports from both academic and industry. Today, we are proudly releasing the 1.0.0 version of Rust SGX SDK, indicating that Rust SGX SDK is becoming stable and ready for production.
Intel SGX is being well adopted by industry, such as Microsoft, Ali cloud and IBM, which indicates that SGX's ability for trusted computing and data protection has been accepted by giant companies and the software stack of Intel SGX is becoming more and more critical. Ideally, the SGX application should guarantee safety from the first line of its code, instead of consumpting tremenduous of engineer-months for code auditing and fuzzing. Thus, C/C++ is not the first choice of programming language for Intel SGX applications due to the lack of memory safety guarantees. To this end, we proposed Rust SGX SDK which brings the best practice of memory safety to SGX projects, and reduces the workload of developing flawless SGX projects significantly. Based on this, we can leverage new techniques such as Non-bypassable Security Paradigm to assist the formal verification of critical security attributes on large projects, which is believed to be the state-of-art of practical application security guarantee. Apart from the C/C++ SDK provided by Intel, Rust SGX SDK is the only recommended SDK listed on Intel SGX's homepage.
From v1.0.0, Rust SGX SDK is heading towards stability and production. As a proof of concept, we provide a solution to the classic Private-Set-Intersection problem. PSI is a cryptographic technique that allows two parties to compute the intersection of their sets without revealing anything except the intersection. The PSI solution is very useful in many cases such as threat intelligence exchanging and sharing. In this proof of concept, we build a fair, trusted, reliable and attestable arbiter which can compute the intersection set with almost zero overhead and guarantee safety and security. In addition, the PSI algorithm is side channel resistant.
What's more, we provide a set of ported in-enclave WebAssembly interpreter and code samples. The support of WebAssembly (wasm) in Rust SGX SDK is an experimental feature in this version. As the hottest target platform, WebAssembly has been supported by major programming languages and compilers. Microsoft, Google, Apple and Mozilla support WebAssembly in their browser's Javascript engines. LLVM, Rust and Go provide experimental wasm as target platform and Parity has released v1.10 recently to support Wasm Smart Contracts. With the help of SGX WebAssembly interpreter, executing programs written in major programming languages and smart contract is within a stone's throw.
Good news! Rust SGX SDK proposal has been adopted by RustFest'18 and we'll present this work in Paris this week!
WebAssembly interpreter We port the Parity's wasmi to Intel SGX (see ported third party libraries at parity-wasm/wabt-rs-core/wasmi and provide the wasmi code sample. The sample code shows how to use the ported WebAssembly interpreter to passes all 70 cases in WebAssembly testsuite! . We put the ported interpreter inside the SGX enclave and provide a well-defined enclave interface for passing WebAssembly codes as input and get its results in the untrusted world. With the ported WebAssembly interpreter, one can easily execute wasm codes and protect its data safely using Intel SGX and benefits from Rust's memory safety guarantees!
Private set intersection sample As a best use case of Intel SGX, we provide a sample solution of Private-Set-Intersection in psi code sample. It is derived from the remote attestation sample and can solve the two-party private-set-intersection problem perfectly and resists side-channel attacks!
Moving to rust-stable From v1.0.0, rust-sgx-sdk is going to be more stable and prepared for production. So stable branch of Rust is the best choice for the future of rust-sgx-sdk. In this version, we support the most recent Rust stable toolchain (stable-2018-05-10) in rust-stable branch and we are not catching up with the most recent nightly build due to a series of changes and unfinished codes reside in libstd and only support nightly-2018-04-12 in the master. We strongly recommend using the rust-stable branch for better stability and production use.
Support Intel SGX SDK v2.1.3
Updated all docker images All sgx-rust/sgx-rust-experimental/sgx-rust-stable are updated accordingly. If you met problems similar to "Docker pull failed with unauthorized: authentication required", please check your network or wait for the service to recover.
Provide APIs against spectre attack We provide sgx_trts::{rsgx_lfence,rsgx_sfence,rsgx_mfence}
to help developers stop speculative execution on demand. We urge SGX developers to look at Intel's latest development guide and another guide. To defend against spectre, developers must rewrite their enclaves according to the guidance from Intel. We show how to rewrite SGX enclave to defend against spectre in TLS client/server and local attestation code samples.
New API rsgx_is_enclave_crashed
We provide sgx_trts::rsgx_is_enclave_crashed
corresponding to a new feature of Intel SGX SDK 2.1.2.
rust-protobuf We provide a ported protobuf library for SGX enclave at protobuf. And we provide an example showing how to use it at protobuf code sample. Attention: please install the rust-protobuf compiler by cargo install protobuf --vers=1.4.4
before build the sample project.